Using the built-in WiX insignia tool is pretty straight forward. Here are the steps to make the WiX MSI Sign Code:
- Configure
signtool as a batch file in my PATH so that I can call it and change it easily. I am running Windows 10, so my "signtool.bat" looks like this:
"c:\Program Files (x86)\Windows Kits\10\bin\x64\signtool.exe" %* - Configure
insignia as a batch file in my PATH so you can change it with new WiX assemblies as they become available. My "insignia.bat" is as follows:
"C:\Program Files (x86)\WiX Toolset v3.10\bin\insignia.exe" %* - Sign my MSI in the post-build event (MSI project -> Properties -> Build Events) by calling this:
signtool sign /f "c:\certificates\mycert.pfx" /p cert-password /d "Your Installer Label" /t http://timestamp.verisign.com/scripts/timstamp.dll /v $(TargetFileName)
Further notes and thoughts:
I also signed up the application (I think) by simply doing Project Properties -> Signing and enabling click-once manifests, selecting a certificate and checking the Sign the assembly option.
Here's my similar answer on how to do the same, but for the bootstrap package: using signs to sign WiX MSI and bootstrap package
/ li>